diff --git a/api/middleware/auth.js b/api/middleware/auth.js
new file mode 100644
index 0000000..4adff15
--- /dev/null
+++ b/api/middleware/auth.js
@@ -0,0 +1,22 @@
+export const validateMedicationApiKey = (req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+  if (!token || token !== process.env.MEDICATION_API_KEY) {
+    console.log('MEDICATION - User entered an Invalid token: ', token);
+    return res.status(401).json({ error: 'Unauthorized - Invalid API Key' });
+  }
+  next();
+};
+
+export const validateShiftSyncApiKey = (req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+  
+  if (!token || token !== process.env.SHIFTSYNC_API_KEY) {
+    console.log('SHIFT - User entered an Invalid token: ', token);
+    return res.status(401).json({ error: 'Unauthorized - Invalid API Key' });
+  }
+  
+  next();
+};
diff --git a/api/server.js b/api/server.js
index d4267d5..1e2c7df 100644
--- a/api/server.js
+++ b/api/server.js
@@ -2,7 +2,9 @@ import express from 'express';
 import cors from 'cors';
 import dotenv from 'dotenv';
 import { medicationRouter } from './services/medications/index.js';
+import { shiftsRouter } from './services/shifts/index.js';
 import { shiftRunQuery } from './services/shiftConnection.js';
+import { validateMedicationApiKey, validateShiftSyncApiKey } from './middleware/auth.js';
 dotenv.config();
 
 const app = express();
@@ -22,7 +24,11 @@ app.use(express.json());
 
 const apiRouter = express.Router();
 
-apiRouter.use('/medication', medicationRouter);
+// ParamyxRx Router (/api/medication)
+apiRouter.use('/medication', validateMedicationApiKey, medicationRouter);
+
+// ShiftSync Router (/api/shifts)
+apiRouter.use('/shifts', validateShiftSyncApiKey, shiftsRouter);
 
 app.get("/api", (req, res) => {
   res.json('Welcome to Shift Sync API');
@@ -30,7 +36,7 @@ app.get("/api", (req, res) => {
 
 app.use('/api', apiRouter);
 
-app.get('/db-health', async (req, res) => {
+app.get('/api/db-health', async (req, res) => {
   try {
     const result = await shiftRunQuery('SELECT NOW()');
     res.json({ connected: true, time: result.rows[0].now });
diff --git a/api/services/operations/medications.js b/api/services/operations/medications.js
index 63b29f6..a225df5 100644
--- a/api/services/operations/medications.js
+++ b/api/services/operations/medications.js
@@ -16,7 +16,7 @@ const getBaseMedications = async () => {
     const dataResp = medicationHelpers.getBaseMedications();
     return dataResp;
   } catch (err) {
-    console.log('GET MEDICATIONS ERROR: ', err);
+    console.log('GET BASE MEDICATIONS ERROR: ', err);
     throw err;
   }
 }
diff --git a/api/services/shifts/index.js b/api/services/shifts/index.js
new file mode 100644
index 0000000..dcf519f
--- /dev/null
+++ b/api/services/shifts/index.js
@@ -0,0 +1,3 @@
+import express from 'express';
+
+export const shiftsRouter = express.Router();
\ No newline at end of file